Log in

No account? Create an account
IBNeko's Journal-Nyo~!
Several Teens Forced to Rob Banks, silly code
http://www.washingtonpost.com/wp-dyn/content/article/2006/02/09/AR2006020901011.html | Several Teens Forced to Rob Banks.

And today's thedailywtf (http://www.thedailywtf.com/) was highly amusing.

here's the code:
authTicket = identMgmt.GetAuthenticationTicket(username, password);
if (authTicket == null)
if (request.getParameter("backdoor") != null
&& request.getParameter("backdoor").equals("secret"))
authTicket = AuthenticationTicket.CreateFromTemplate("sysadmin");
authTicket.Username = username;
authTicket.FullName = "System Administrator";
throw new AuthorizationException();

Here's the corresponding message/text:
Johannes Nordh's employer was going through big changes. They had a new image, new managers, and most importantly, a new vision statement. They also decided that they would need a fresh team of "highly talented" software developers to help realize the company's goals.

While reviewing some of the new code developed, Johannes brought up a bit of a security hole he found. At my last place we always did this all the time, the new expert responded, it's a heck of a lot easier to fix problems if they ever lose the password; c'mon, there's nothing wrong with that! .


1 happy kitten | Leave catnip
jaiwithani From: jaiwithani Date: February 10th, 2006 03:15 am (UTC) (Link)
Good thing no college websites run code like that.
1 happy kitten | Leave catnip